<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
  
  
 
  
 
 
  
 
  <head> 
    <title> 
          #160065 (formAuthBruteforce: Once a password is found, cookies are re-used and false positives are found)
     – w3af
    </title> 
        <link rel="search" href="/apps/trac/w3af/search" /> 
        <link rel="prev" href="/apps/trac/w3af/ticket/160061" title="Ticket #160061" /> 
        <link rel="last" href="/apps/trac/w3af/ticket/160005" title="Ticket #160005" /> 
        <link rel="help" href="/apps/trac/w3af/wiki/TracGuide" /> 
        <link rel="alternate" href="/apps/trac/w3af/ticket/160065?format=csv" type="text/csv" class="csv" title="Comma-delimited Text" /><link rel="alternate" href="/apps/trac/w3af/ticket/160065?format=tab" type="text/tab-separated-values" class="tab" title="Tab-delimited Text" /><link rel="alternate" href="/apps/trac/w3af/ticket/160065?format=rss" type="application/rss+xml" class="rss" title="RSS Feed" /> 
        <link rel="up" href="/apps/trac/w3af/report/1?USER=andresriancho&amp;page=1" /> 
        <link rel="next" href="/apps/trac/w3af/ticket/148620" title="Ticket #148620" /> 
        <link rel="start" href="/apps/trac/w3af/wiki" /> 
        <link rel="stylesheet" href="/apps/trac/w3af/chrome/common/css/trac.css" type="text/css" /><link rel="stylesheet" href="/apps/trac/w3af/chrome/common/css/ticket.css" type="text/css" /> 
        <link rel="first" href="/apps/trac/w3af/ticket/143124" title="Ticket #143124" /> 
        <link rel="shortcut icon" href="/apps/trac/w3af/chrome/common/trac.ico" type="image/x-icon" /> 
        <link rel="icon" href="/apps/trac/w3af/chrome/common/trac.ico" type="image/x-icon" /> 
      <link type="application/opensearchdescription+xml" rel="search" href="/apps/trac/w3af/search/opensearch" title="Search w3af" /> 
    <script type="text/javascript" src="/apps/trac/w3af/chrome/common/js/jquery.js"></script><script type="text/javascript" src="/apps/trac/w3af/chrome/common/js/trac.js"></script><script type="text/javascript" src="/apps/trac/w3af/chrome/common/js/search.js"></script> 
    <!--[if lt IE 7]>
    <script type="text/javascript" src="/apps/trac/w3af/chrome/common/js/ie_pre7_hacks.js"></script>
    <![endif]--> 
    <script type="text/javascript" src="/apps/trac/w3af/chrome/common/js/wikitoolbar.js"></script><script type="text/javascript"> 
      jQuery(document).ready(function($) {
        $("div.description").find("h1,h2,h3,h4,h5,h6").addAnchor("Link to this section");
        $("#changelog h3.change").addAnchor("Link to this change");
        /* only enable control elements for the currently selected action */
        var actions = $("#action input[name='action']");
        function updateActionFields() {
          actions.each(function () {
            $(this).siblings().find("*[@id]").enable($(this).checked());
            $(this).siblings().filter("*[@id]").enable($(this).checked());
          });
        }
        actions.click(updateActionFields);
        updateActionFields();
      });
    </script> 
  <link type="text/css" href="/apps/trac/w3af/chrome/site/ha-css/default2.css" rel="stylesheet" /> 
 
    <link rel="stylesheet" type="text/css" href="https://static.sourceforge.net/css/develop/hosted.php?secure=1&amp;1280691379" media="all" /> 
    <!-- BEGIN: AdSolution-Tag 4.2: Global-Code [PLACE IN HTML-HEAD-AREA!] --> 
    <!-- DoubleClick Random Number --> 
    <script language="JavaScript" type="text/javascript"> 
      dfp_ord=Math.random()*10000000000000000;
      dfp_tile = 1;
    </script> 
	
    <!-- End DoubleClick Random Number --> 
    <!-- END: AdSolution-Tag 4.2: Global-Code --> 
 
</head> 
  <body> 
 
<script type="text/javascript"> 
  var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
  document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script> 
 
<script type="text/javascript"> 
  var pageTracker = _gat._getTracker("UA-32013-36");
</script> 
 
<!--[if IE 7]><div id="ie7only"><![endif]--> 
<!--[if IE 6]><div id="ie6only"><![endif]--> 
<!--[if IE]><div id="ieonly"><![endif]--> 
<div id="sf_doc3"> 
    <div id="sf_hd" class="sfha"> 
        <p id="metaNav"><a href="/users/andresriancho">Andres Riancho</a> <a href="/account/" title="Manage your account options">Account</a> <a href="/account/logout.php" class="logout" title="Leaving so soon?">Log&nbsp;out</a></p> 
        <a href="https://sourceforge.net" id="sf_logo"></a> 
        <ul id="sfnav"> 
            <li><a href="/projects/w3af" title="Project summary page hosted on SourceForge.net">Visit project w3af</a></li> 
        </ul> 
        <div id="sf_fad1" class="sf"> 
            <script type="text/javascript"> 
           //<![CDATA[
             document.write('<script src="https://ad.doubleclick.net/adj/ostg.sourceforge/cons_hosted_apps_p11_spons;pg=default;dcopt=ist;tile='+dfp_tile+';tpc=project;tpc=w3af;ord='+dfp_ord+'?" type="text/javascript"><\/script>');
             dfp_tile++;
            //]]>
            </script> 
        </div> 
    </div> 
    
    <div id="sf_bd" class="sfha"> 
 
	<div id="doc3" class="yui-t6"> 
		<div id="bd"> 
			<a name="content"></a> 
<!-- End Header --> 
    <div id="banner"> 
      <div id="header"> 
        <h1><a href="http://sourceforge.net/projects/w3af/">w3af</a></h1> 
      </div> 
      <form id="search" action="/apps/trac/w3af/search" method="get"> 
        <div> 
          <label for="proj-search">Search:</label> 
          <input type="text" id="proj-search" name="q" size="18" value="" /> 
          <input type="submit" value="Search" /> 
        </div> 
      </form> 
      <div id="metanav" class="nav"> 
    <ul> 
      <li class="first">logged in as andresriancho</li><li><a href="/apps/trac/w3af/prefs">Preferences</a></li><li><a href="/apps/trac/w3af/wiki/TracGuide">Help/Guide</a></li><li class="last"><a href="/apps/trac/w3af/about">About Trac</a></li> 
    </ul> 
  </div> 
    </div> 
    <div id="mainnav" class="nav"> 
    <ul> 
      <li class="first"><a href="/apps/trac/w3af/wiki">Wiki</a></li><li><a href="/apps/trac/w3af/timeline">Timeline</a></li><li><a href="/apps/trac/w3af/roadmap">Roadmap</a></li><li><a href="/apps/trac/w3af/browser">Browse Source</a></li><li class="active"><a href="/apps/trac/w3af/report">View Tickets</a></li><li><a href="/apps/trac/w3af/newticket">New Ticket</a></li><li><a href="/apps/trac/w3af/search">Search</a></li><li class="last"><a href="/apps/trac/w3af/admin" title="Administration">Admin</a></li> 
    </ul> 
  </div> 
    <div id="main"> 
      <div id="ctxtnav" class="nav"> 
        <h2>Context Navigation</h2> 
          <ul> 
            <li class="first "><span>&larr; <a class="prev" href="/apps/trac/w3af/ticket/160061" title="Ticket #160061">Previous Ticket</a></span></li><li><a href="/apps/trac/w3af/report/1?USER=andresriancho&amp;page=1">Back to Query</a></li><li class="last"><span><a class="next" href="/apps/trac/w3af/ticket/148620" title="Ticket #148620">Next Ticket</a> &rarr;</span></li> 
          </ul> 
        <hr /> 
      </div> 
    <div id="content" class="ticket"> 
      <h1> 
              Ticket #160065
          <span class="status">(new defect)</span> 
      </h1> 
      <!-- Do not show the ticket (pre)view when the user first comes to the "New Ticket" page.
           Wait until they hit preview. --> 
        <!-- Ticket Box (ticket fields along with description) --> 
        <div id="ticket"> 
          <div class="date"> 
            <p>Opened <a class="timeline" href="/apps/trac/w3af/timeline?from=2010-08-15T19%3A35%3A10Z%2B0000&amp;precision=second" title="2010-08-15T19:35:10Z+0000 in Timeline">69 seconds</a> ago</p> 
          </div> 
          <!-- use a placeholder if it's a new ticket --> 
          <h2 class="summary searchable">formAuthBruteforce: Once a password is found, cookies are re-used and false positives are found</h2> 
          <table class="properties"> 
            <tr> 
              <th id="h_reporter">Reported by:</th> 
              <td headers="h_reporter" class="searchable">andresriancho</td> 
              <th id="h_owner">Owned by:</th> 
              <td headers="h_owner">andresriancho
              </td> 
            </tr> 
            <tr> 
                <th id="h_priority"> 
                  Priority:
                </th> 
                <td headers="h_priority"> 
                      major
                </td> 
                <th id="h_milestone"> 
                  Milestone:
                </th> 
                <td headers="h_milestone"> 
                      <a class="milestone" href="/apps/trac/w3af/milestone/1.0">1.0</a> 
                </td> 
            </tr><tr> 
                <th id="h_component"> 
                  Component:
                </th> 
                <td headers="h_component"> 
                      w3af-plugins
                </td> 
                <th id="h_version"> 
                  Version:
                </th> 
                <td headers="h_version"> 
                </td> 
            </tr><tr> 
                <th id="h_keywords"> 
                  Keywords:
                </th> 
                <td headers="h_keywords" class="searchable"> 
                </td> 
                <th id="h_cc"> 
                  Cc:
                </th> 
                <td headers="h_cc" class="searchable"> 
                </td> 
            </tr> 
          </table> 
            <div class="description"> 
              <h3 id="comment:description"> 
                Description
              </h3> 
              <form id="addreply" method="get" action="#comment"> 
                <div class="inlinebuttons"> 
                  <input type="hidden" name="replyto" value="description" /> 
                  <input type="submit" name="reply" value="Reply" title="Reply, quoting this description" /> 
                </div> 
              </form> 
              <div class="searchable"> 
                <p> 
Once a valid password is found, cookies are re-used and false positives are found:<br /> 
</p> 
<p> 
Found authentication credentials to: "<a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a>". The correct password is: "vetal". This vulnerability was found in the request with id 100.                                                                                                                         <br /> 
POST <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> with data: "passwd=123p4ss" returned HTTP code "200" - id: 101                                            <br /> 
No grep for : <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> , the plugin sent grepResult=False.                                                              <br /> 
POST <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> with data: "passwd=1q2w3e" returned HTTP code "200" - id: 102                                             <br /> 
No grep for : <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> , the plugin sent grepResult=False.                                                              <br /> 
Found authentication credentials to: "<a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a>". The correct password is: "1q2w3e". This vulnerability was found in the request with id 102.                                                                                                                           <br /> 
POST <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> with data: "passwd=passwd" returned HTTP code "200" - id: 103                                             <br /> 
No grep for : <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> , the plugin sent grepResult=False.                                                              <br /> 
Found authentication credentials to: "<a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a>". The correct password is: "passwd". This vulnerability was found in the request with id 103.                                                                                                                           <br /> 
POST <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> with data: "passwd=a5dd5a" returned HTTP code "200" - id: 104                                             <br /> 
No grep for : <a class="ext-link" href="http://127.0.0.1/chek/index.php"><span class="icon">http://127.0.0.1/chek/index.php</span></a> , the plugin sent grepResult=False.                                                              <br /> 
Found authentication credentials to: "<a class="ext-link" href="http://127.0.0.1chek/index.php"><span class="icon">http://127.0.0.1chek/index.php</span></a>". The correct password is: "a5dd5a". This vulnerability was found in the request with id 104.    <br /> 
</p> 
 
              </div> 
            </div> 
        </div> 
          <h2>Attachments</h2> 
          <div id="attachments"> 
    <form method="get" action="/apps/trac/w3af/attachment/ticket/160065/" id="attachfile"> 
      <div> 
        <input type="hidden" name="action" value="new" /> 
        <input type="submit" name="attachfilebutton" value="Attach file" /> 
      </div> 
    </form> 
          </div> 
      <form action="/apps/trac/w3af/ticket/160065" method="post" id="propertyform"><div><input type="hidden" name="__FORM_TOKEN" value="cdf7bcfd038927b207c446a9" /></div> 
        <h3><a id="edit" onfocus="$('#comment').get(0).focus()"> 
            Add/Change #160065 (formAuthBruteforce: Once a password is found, cookies are re-used and false positives are found)</a></h3> 
        <div class="field"> 
          <fieldset class="iefix"> 
            <label for="comment">Comment (you may use
              <a tabindex="42" href="/apps/trac/w3af/wiki/WikiFormatting">WikiFormatting</a> 
              here):
            </label><br /> 
            <p><textarea id="comment" name="comment" class="wikitext" rows="10" cols="78"> 
</textarea></p> 
          </fieldset> 
        </div> 
        <fieldset id="properties"> 
          <legend>Change Properties</legend> 
          <table> 
            <tr> 
              <th><label for="field-summary">Summary:</label></th> 
              <td class="fullrow" colspan="3"> 
                <input type="text" id="field-summary" name="field_summary" value="formAuthBruteforce: Once a password is found, cookies are re-used and false positives are found" size="70" /> 
              </td> 
            </tr> 
              <tr> 
                <th><label for="field-reporter">Reporter:</label></th> 
                <td class="fullrow" colspan="3"> 
                  <input type="text" id="field-reporter" name="field_reporter" value="andresriancho" size="70" /> 
                </td> 
              </tr> 
              <tr> 
                <th><label for="field-description">Description:</label></th> 
                <td class="fullrow" colspan="3"> 
                  <textarea id="field-description" name="field_description" class="wikitext" rows="10" cols="68">Once a valid password is found, cookies are re-used and false positives are found:
 
Found authentication credentials to: "http://127.0.0.1/chek/index.php". The correct password is: "vetal". This vulnerability was found in the request with id 100.                                                                                                                         
POST http://127.0.0.1/chek/index.php with data: "passwd=123p4ss" returned HTTP code "200" - id: 101                                            
No grep for : http://127.0.0.1/chek/index.php , the plugin sent grepResult=False.                                                              
POST http://127.0.0.1/chek/index.php with data: "passwd=1q2w3e" returned HTTP code "200" - id: 102                                             
No grep for : http://127.0.0.1/chek/index.php , the plugin sent grepResult=False.                                                              
Found authentication credentials to: "http://127.0.0.1/chek/index.php". The correct password is: "1q2w3e". This vulnerability was found in the request with id 102.                                                                                                                           
POST http://127.0.0.1/chek/index.php with data: "passwd=passwd" returned HTTP code "200" - id: 103                                             
No grep for : http://127.0.0.1/chek/index.php , the plugin sent grepResult=False.                                                              
Found authentication credentials to: "http://127.0.0.1/chek/index.php". The correct password is: "passwd". This vulnerability was found in the request with id 103.                                                                                                                           
POST http://127.0.0.1/chek/index.php with data: "passwd=a5dd5a" returned HTTP code "200" - id: 104                                             
No grep for : http://127.0.0.1/chek/index.php , the plugin sent grepResult=False.                                                              
Found authentication credentials to: "http://127.0.0.1chek/index.php". The correct password is: "a5dd5a". This vulnerability was found in the request with id 104.    </textarea> 
                </td> 
              </tr> 
            <tr> 
                <th class="col1"> 
                  <label for="field-type">Type:</label> 
                </th> 
                <td class="col1"> 
                    <select id="field-type" name="field_type"> 
                      <option selected="selected">defect</option><option>enhancement</option><option>task</option> 
                    </select> 
                </td> 
                <th class="col2"> 
                  <label for="field-priority">Priority:</label> 
                </th> 
                <td class="col2"> 
                    <select id="field-priority" name="field_priority"> 
                      <option>blocker</option><option>critical</option><option selected="selected">major</option><option>minor</option><option>trivial</option> 
                    </select> 
                </td> 
            </tr><tr> 
                <th class="col1"> 
                  <label for="field-milestone">Milestone:</label> 
                </th> 
                <td class="col1"> 
                    <select id="field-milestone" name="field_milestone"> 
                      <option></option> 
                      <optgroup label="Open (by due date)"> 
                        <option selected="selected">1.0</option><option>1.1</option><option>1.2</option><option>1.3</option><option>1.4</option><option>2.0</option><option>2.1</option><option>2.2</option> 
                      </optgroup><optgroup label="Closed"> 
                        <option>1.0-rc3</option> 
                      </optgroup> 
                    </select> 
                </td> 
                <th class="col2"> 
                  <label for="field-component">Component:</label> 
                </th> 
                <td class="col2"> 
                    <select id="field-component" name="field_component"> 
                      <option>documentation</option><option>package-debian</option><option>package-freebsd</option><option>payloads</option><option>w3af-core</option><option selected="selected">w3af-plugins</option><option>w3af-user-interface</option><option>windows-installer</option> 
                    </select> 
                </td> 
            </tr><tr> 
                <th class="col1"> 
                  <label for="field-version">Version:</label> 
                </th> 
                <td class="col1"> 
                    <select id="field-version" name="field_version"> 
                      <option></option> 
                      <option>1.0-rc2</option> 
                    </select> 
                </td> 
                <th class="col2"> 
                  <label for="field-keywords">Keywords:</label> 
                </th> 
                <td class="col2"> 
                        <input type="text" id="field-keywords" name="field_keywords" value="" /> 
                </td> 
            </tr><tr> 
                <th class="col1"> 
                  <label for="field-cc">Cc:</label> 
                </th> 
                <td class="col1"> 
                        <span> 
                          <input type="text" id="field-cc" title="Space or comma delimited email addresses and usernames are accepted." name="field_cc" value="" /> 
                        </span> 
                </td> 
                <th class="col2"> 
                </th> 
                <td class="col2"> 
                </td> 
            </tr> 
          </table> 
        </fieldset> 
          <fieldset id="action"> 
            <legend>Action</legend> 
            <div> 
              <input type="radio" id="action_leave" name="action" value="leave" checked="checked" /> 
                <label for="action_leave">leave</label> 
                as new
                <span class="hint"></span> 
            </div><div> 
              <input type="radio" id="action_resolve" name="action" value="resolve" /> 
                <label for="action_resolve">resolve</label> 
                as <select name="action_resolve_resolve_resolution" id="action_resolve_resolve_resolution"><option selected="selected">fixed</option><option>invalid</option><option>wontfix</option><option>duplicate</option><option>worksforme</option></select> 
                <span class="hint">The resolution will be set. Next status will be 'closed'</span> 
            </div><div> 
              <input type="radio" id="action_reassign" name="action" value="reassign" /> 
                <label for="action_reassign">reassign</label> 
                to <input type="text" name="action_reassign_reassign_owner" value="andresriancho" id="action_reassign_reassign_owner" /> 
                <span class="hint">The owner will change from andresriancho. Next status will be 'assigned'</span> 
            </div><div> 
              <input type="radio" id="action_accept" name="action" value="accept" /> 
                <label for="action_accept">accept</label> 
                <span class="hint">Next status will be 'accepted'</span> 
            </div> 
          </fieldset> 
        <div class="buttons"> 
            <input type="hidden" name="ts" value="2010-08-15 19:35:10+00:00" /> 
            <input type="hidden" name="replyto" /> 
            <input type="hidden" name="cnum" value="1" /> 
          <input type="submit" name="preview" value="Preview" /> 
          <input type="submit" name="submit" value="Submit changes" /> 
        </div> 
      </form> 
      <div id="help"> 
        <strong>Note:</strong> See
        <a href="/apps/trac/w3af/wiki/TracTickets">TracTickets</a> for help on using
        tickets.
      </div> 
    </div> 
    <div id="altlinks"> 
      <h3>Download in other formats:</h3> 
      <ul> 
        <li class="first"> 
          <a rel="nofollow" href="/apps/trac/w3af/ticket/160065?format=csv" class="csv">Comma-delimited Text</a> 
        </li><li> 
          <a rel="nofollow" href="/apps/trac/w3af/ticket/160065?format=tab" class="tab">Tab-delimited Text</a> 
        </li><li class="last"> 
          <a rel="nofollow" href="/apps/trac/w3af/ticket/160065?format=rss" class="rss">RSS Feed</a> 
        </li> 
      </ul> 
    </div> 
    </div> 
    <div id="footer" lang="en" xml:lang="en"><hr /> 
      <a id="tracpowered" href="http://trac.edgewall.org/"><img src="/apps/trac/w3af/chrome/common/trac_logo_mini.png" height="30" width="107" alt="Trac Powered" /></a> 
      <p class="left"> 
        Powered by <a href="/apps/trac/w3af/about"><strong>Trac 0.11.2.1</strong></a><br /> 
        By <a href="http://www.edgewall.org/">Edgewall Software</a>.
      </p> 
      <p class="right"></p> 
    </div> 
<!-- Footer --> 
		</div> 
        </div> 
<!-- End Footer --> 
 
    <br style="clear: both"/> 
    </div> 
    
    <div id="sf_ft" class="sfha"> 
        <p class="copyright">&copy; 2010 <a title="Network which provides and promotes Open Source software downloads, development, discussion and news." href="http://geek.net">Geeknet, Inc.</a> <a href="http://p.sf.net/sourceforge/terms">Terms of Use</a> <a href="http://p.sf.net/sourceforge/privacy">Privacy Policy</a></p> 
    </div> 
    
    <script type="text/javascript"> 
	pageTracker._trackPageview();
    </script> 
 
</div> 
<!--[if IE]></div><![endif]--> 
<!--[if IE 6]></div><![endif]--> 
<!--[if IE 7]></div><![endif]-->    
</body> 
</html> 
 
 	  	 
